Skip to main content
L
lgrant16-Pearl
16-Pearl
November 28, 2016
Question

Access Policy added to Role does not apply, only to Group!

  • November 28, 2016
  • 2 replies
  • 1869 views

Anyone seen this in WC11 M010?

If I add a policy to a Role in a container then the members of the group in that role don't get the access, if I add the same policy to the Group then they do!

Same for for OOB roles and new Roles that we have added.

I have tired at container, Org and Site policy with no luck.

I first notice this when members of a group could not see the Groups under the Roles {Says (Secured information) ]. When I allow Read for type Group for the role nothing changed, when I add it to the group then they could see the name of the Groups under the roles. Crazy.

Any ideas?

2 replies

M
MikeLockwood22-Sapphire I
22-Sapphire I
November 28, 2016

In Policy Admin, are you for sure applying the ACLs to the "Context Team Role" on the Roles tab?  Assuming so, are the user groups mapped to that Role in the Product/Library?

L
lgrant16-PearlAuthor
16-Pearl
November 29, 2016

Hi Mike,

Yes I am sure the ACL was applied to the Role in that context as I only added that new Role to that context.I also tried it on some OOB roles just to check.

Its as if somehow the ACL is not applied to the Group thats in the Role.

M
MikeLockwood22-Sapphire I
22-Sapphire I
November 29, 2016

Definitely frustrating - have seen lots of things like this over the years.

Only other suggestions are:

- Use Manage Security a lot to track down exactly what ACL's are being applied to specific groups / users

- Remove, then re-add the ACL and see what this does (shouldn't have to do this but sometimes it lends light to the situation)

L
lgrant16-PearlAuthor
16-Pearl
November 30, 2016

Made some headway on this.

First I removed all the extra roles in the context that I was not going to use. Then I added the new Roles in ALL the context. I was then able to apply a policy to that Role and it worked. I then added a test Group to place in the role.

I also Hide all the Role I was not going to use.

For now, it seems that I can use the Org level Policy.

The one thing that makes this difficult in 11 is having Windchill find (display) the role I want to add the Policy to. You type in the name and sometimes nothing displays, I then type in another name and wait for the Advanced Search to pop up so I can type in the correct name. Chrome seems to be a bit faster at this then IE.

Terms & ConditionsAccessibility statement